v1.2.0

Key features

• Cephadm Integration: Introduces support for Ceph cluster deployment using cephadm, including logic for offline installation, node replacement, and expansion. Only SEAPATH Debian is supported for the moment. ceph-ansible support is still available and continues to be the default way to configure 

• Cockpit Plugins for Debian: Adds a new role (cockpit_plugins) and updates the prepare.sh script to fetch and install the SEAPATH Cockpit plugins (cockpit-cluster-dashboard and cockpit-cluster-vm-management) on Debian.

• Network Role Refactoring: Replaces the external systemd-networkd role dependency with a new internal role (network_systemdnetworkd) for simpler configuration and variable management.

• SEAPATH Yocto Enhancements:

  • Adds SR-IOV configuration support.
  • Adds the seapath_update_yocto playbook, which was missing from the main branch.

• Debian Grub BootCount Rollback: Introduces a new role (debian_grub_bootcount) to create LVM snapshots during updates and automatically roll back to a working snapshot if a boot failure is detected.

• VM Guest Enhancements:

  • Adds support for memory ballooning in guest.xml templates to optimize host memory.
  • Updates the vm_manager submodule to improve resilience by adding RBD host lists, allowing guests to switch Ceph monitors.

• Hardware Customization (Welotec): The hardware_customization_welotec role no longer depends on an external network role and will not fail if an optional PRP-HSR interface is not found.

• CI Expansion: Adds CI workflows for OracleLinux and CentOS.

Bug fixes

• PTP Vsock: Improves the stability of the ptp_vsock service by ensuring VSOCK connections are always closed (using with syntax) and enabling unbuffered logging.

• SNMP:

  • Fixes an issue where snmpd could become unresponsive by implementing atomic data file generation and forcing the agent to reload periodically.
  • Disables SNMPv2 when SNMPv3 is enabled.

• Ceph:

  • Fixes a variable name typo in the replace_machine_shrink_mon playbook (Mon_to_kill -> mon_to_kill).
  • Removes the creation of an unused ceph-rbd libvirt pool.

• VM Templates:

  • Fixes an XML closing tag in the VM template.
  • Adds a default vm_features variable to guest templates to prevent failures when it's not defined.

• Welotec: Fixes issues to ensure the lan_hsr-prp interface comes up correctly, even without an IP address.

• General: Numerous Ansible-lint corrections and documentation improvements across various roles.

API changes

Multiple variables and defaults have been renamed or refactored with this release. Existing inventories should be updated accordingly:

• Network Variable Sanitization:

  • The no_cluster_network logic has been refactored. The new role-specific variables are: network_systemdnetworkd_no_cluster_network (for the network_systemdnetworkd role) and network_networkdwait_no_cluster_network (for the network_networkwait role).
    Playbooks continue to use no_cluster_networ and define the role variables.
  • The network_systemdnetworkd role variables have been renamed for consistency (e.g., default_config_file -> network_systemdnetworkd_default_config_file).

• Variable Removed:

  • The deprecated extra_network_config variable has been removed. Users should use br0vlan or custom_network for custom network configurations.

• Variables Added:

  • Example inventories now include subnet variables (e.g., admin_subnet) to allow specifying subnet masks in CIDR notation.
  • The vm_features variable defined in the VM configurations can now UEFI secure boot.

• SR-IOV Variables: Variable names for SR-IOV pool creation in deploy_vms roles have been aligned. Please check role documentation.

Changelog

• templates/vm: add secure boot feature by @dupremathieu in #734
• inventories/examples: add two require variables by @dupremathieu in #735
• test_deploy_cukinia_tests: add deploy_cukinia role to the playbook by @dupremathieu in #736
• inventories/examples/seapath-standalone: fix interfaces_to_wait_for by @dupremathieu in #737
• prepare the standalone debian CI virtual infra by @insatomcat in #738
• [debian] prevent hardening to create a ceph user on standalone by @insatomcat in #742
• README.adoc imrpovements and fixes by @Revalioli in #745
• Fix ci latency yocto by @Revalioli in #744
• team0_x/OVS: move role and solves bug by @insatomcat in #743
• ci-yocto: add seapath benchmark execution by @Paullgk in #746
• remove backup-restore and adapt vmmgrapi on standalone by @insatomcat in #747
• ci-yocto: fix incorrect condition by @Paullgk in #748
• introducing new Debian Grub Boot Count Role by @ycongal-smile in #740
• Revert "handlers: use udevadm trigger instead of restarting udev" by @insatomcat in #749
• cluster_setup_ceph: set ceph_uid variable for Yocto by @Revalioli in #751
• Ci fix by @yairpod in #741
• introducing cephadm by @insatomcat in #750
• adds oraclelinux to seapath supported distros by @insatomcat in #724
• some ansible linting by @insatomcat in #754
• debian: adapt tests to incoming trixie by @insatomcat in #757
• Backport some changes needed for trixie by @insatomcat in #758
• Adding Centos Ci workflow by @yairpod in #756
• inventories/providers/abb/README: fix markdown syntax by @dupremathieu in #760
• Create missing readme/meta files for cephadm and ci_centos roles by @insatomcat in #761
• VM templates fixes by @dupremathieu in #762
• bump ansible-role-systemd-networkd by @insatomcat in #763
• fix file descriptor leak in vm_manager by @insatomcat in #764
• snmp agent: reload after 1h by @insatomcat in #765
• snmp: make virt-df.sh not choke on lvm snapshot volumes by @insatomcat in #766
• expose snmp data: have a different interval than the cron job by @insatomcat in #767
• snmp: include the get snmp data logic directly into the expose script by @insatomcat in #768
• snmp: fix snmpd becoming unresponsive during snmp data gathering by @insatomcat in #771
• snmp: add timestamp to data file by @insatomcat in #772
• Adapt "replace failed node" logic to cephadm by @insatomcat in #775
• Fixes on Cephadm by @insatomcat in #777
• cephadm: more fixes by @insatomcat in #778
• cephadm: add cephadm user to privileged group by @insatomcat in #781
• CentOS remove docker forced start by @yairpod in #779
• changes for cephadm and cluster network by @insatomcat in #782
• cephadm - new fixes by @insatomcat in #785
• configure_ha: linting by @insatomcat in #787
• Examples correction by @eroussy in #788
• ceph: fix installation on whole disk by @insatomcat in #789
• pacemaker: adds ethmonitor resource agent override by @insatomcat in #792
• Improve Stonith Disabling by @insatomcat in #795
• VirtualDomain: convert to patch by @insatomcat in #793
• conntrackd: variabilize interface name by @insatomcat in #794
• pacemaker custom RA: cleanup ntp/ptpstatus by @insatomcat in #796
• cephadm: offline installation by @insatomcat in #799
• ci-yocto: migrate latency tests to svtrace-ansible by @Paullgk in #755
• some fixes by @insatomcat in #801
• some fixes by @insatomcat in #803
• bump systemd_networkd role by @bkkouame in #798
• seapath_setup_custom_hardware: add playbook by @Paullgk in #805
• ci_vms_standalone_ptp: remove become by @Paullgk in #804
• some fixes by @insatomcat in #806
• inventories: add subnet variables by @dupremathieu in #807
• Remove duplicate entry and fix xml closing tag by @LCvanDinteren in #811
• Align variables and documentation for sriov pool creation...

v1.1.3

Full Changelog: v1.1.2...v1.1.3

---

Revert "snmp: include the get snmp data logic directly into the expose script"
The pass_persist external script is blocking for snmpd, which means that everytime the data is gathered (which takes 20 seconds or so every 5 min), snmpd becomes totally unresponsive.
This is unacceptable. We will go back to the previous way of gathering data (cron job outside of snmpd), and solve the problem this creates but a different way.
This reverts commit d8e7692.

---

snmp: make snmp data genation atomic
The problem with data gathering with a cron job is that it's not synchronised with the pass_persist "refresh" logic. If the refesh happens during the 20s of the data gathering, then it will read an uncomplete /tmp/snmpdata.txt file.
To solve this, we make the generation of this file atomic, by writing to a temporary file and only at the end of the script rename the file in an atomic way.

---

snmp: add timestamp to data file

v1.1.2

Full Changelog: v1.1.1...v1.1.2

---

---

fix file descriptor leak in vm_manager

---

snmp agent: reload after 1h
The perl snmp agent seems unstable after a few fays of running time. It still runs but does not update the snmp tree anymore.
We fix this by forcing snmpd to reload it after 1h, so that it stays fresh.

---

snmp: make virt-df.sh not chock on lvm snapshot volumes

---

expose snmp data: have a different interval than the cron job
If the cron job that get the snmp data and the expose script have the same interval (currently 300s = 5min), we encounter the risk that the generation of the snmp data file and the reading of that file always happen at the same time...
This commit set the interval of the expose script to 4min, so that we are sure those script don't run at the same time.

---

snmp: include the get snmp data logic directly into the expose script
If both logic use the same interval, there is the risk the interfere with each other.
If we set a different interval, sometime the expose script will run just after the getting of the data (and the exposed data will be fresh) or just before, in which case the data will be fresh again after 4+5min (9min).
For the data to be always fresh, it seems best to run the get_data script just before the expose refresh, so to include it in the script.
This makes the cron job useless, however since the expose script is run by snmp, we have to give the permission to the snmp user via sudo.

v1.1.1

Full Changelog: v1.1.0...v1.1.1

---

team0_x/OVS: move role and solves bug

This logic concerns all physical machines and not just hypervisor.
Plus, this commits adds Before= and After= condition for this logic to also work for a graceful host shutdown (before this commit, it only works for an ovs-vswitchd.service stop).

---

remove backup-restore on standalone
On standalone backup-restore does not make sense.

---

Revert "handlers: use udevadm trigger instead of restarting udev"
seapath/ansible-role-systemd-networkd#8

v1.1.0

Key features

• Remove consolevm script, now replaced by vm-mgr console.
• Add nostart options for VM deployment.
• Update submodules to latest versions.

Bug fixes

• Playbooks improvements for ansible-lint.
• SEAPATH Debian: add missing capabilities for pacemaker service to fix live migration.
• SEAPATH Yocto: always keep systemd-resolved.service enable to prevent dnsmasq.service to fail
• Remove obsolete code.

API changes

Multiple variables are renamed with this release. Existing inventories should be updated accordingly:

• tmpdir --> configure_ha_tmpdir (role configure_ha)
• ptp_network_transport --> timemaster_ptp_network_transport (role timemaster)
• ptp_delay_mechanism --> timemaster_ptp_delay_mechanism (role timemaster)
• hugepages --> yocto_hugepages (role yocto/hugepages)
• on existing debian installations, you need to install 3 packages for v1.1 to work properly:
  • python3-pip
  • python3-wheel
  • patch
    you can get those packages from the debian website, upload them to your servers and install them manually with dpkg, or use apt if you have connectivity to a debian mirror.

Known issues

• SEAPATH Yocto: cukinia test "Check for file with no user and group" might fails #695

Changelog

• Bug fixs from CI testing by @yairpod in #678
• Switch setup_ovs installation to pip-based instead of the deprecated setup.py by @insatomcat in #704
• Ansible Lint: adapt to newest version by @insatomcat in #701
• bump cukinia submodule by @insatomcat in #705
• Switch vm_manager installation to pip-based instead of the deprecated setup.py by @insatomcat in #699
• debian hardening: add cap_setpcap to pacemaker by @insatomcat in #706
• .github/ISSUE_TEMPLATE by @eroussy in #707
• Debian: fix typo in initramfs rebuild handler by @insatomcat in #709
• ci_yocto: clean the log after update in the ARM CI by @dupremathieu in #712
• cqfd: add export flavor by @dupremathieu in #711
• role vmmgrapi: typo in variable name by @insatomcat in #713
• debian/pip: need --no-build-isolation by @insatomcat in #714
• configure_ha: rollback renaming enable_vmmgr_api_http by @insatomcat in #715
• vm template: use "q35" machine type by @insatomcat in #718
• systemd unit: add not "not-found" condition by @insatomcat in #719
• roles/network_resolved: do not disable systemd-resolved on Yocto by @Revalioli in #720
• playbooks: add detect_seapath_distro by @insatomcat in #725
• remove old ptpdocker reference by @insatomcat in #723
• Debian: remove latency testing by @insatomcat in #726
• timemaster: harmonize role variable names by @insatomcat in #727
• bump cukinia-tests by @insatomcat in #728
• bugfix and ABB SSC600SW example refactoring by @eroussy in #722
• ansible.cfg: run --skip-tags "package-install" by default by @dupremathieu in #729
• remove consolevm script by @dupremathieu in #732
• vm_manager: add no_start option to create/enable VM by @insatomcat in #733

Full Changelog: v1.0.0...v1.1.0

v1.0.0

Initial release

Key Features

• Configure a SEAPATH cluster with 3 machines, supporting two configurations
  • Two hypervisors + one observer
  • Three hypervisors
• Cluster features include:
  • VM disk redundancy via Ceph shared storage
  • Failover scenarios managed by Pacemaker
  • Network redundancy ensured by Open vSwitch
  • VM live migration across cluster machines
• Set up SEAPATH network configurations, including:
  • Administration network
  • Cluster network
  • PTP network
  • Inter-VM communication network
  • Additional networks customized by the end user
• Configure time synchonisation
  • PTP synchronisation
  • NTP synchronisation
  • Time forwarding to VMs
• Implement additional cyber hardening for Debian (Yocto hardening managed in meta-seapath).
• Provide a VM deployment interface for SEAPATH clusters or standalone machines, supporting:
  • Configurable Libvirt XML files
  • QCOW2 QEMU files
• ABB SSC600 SW compatibility